[SCTP]: Implement SCTP-AUTH initializations.

{

	struct sctp_sock *sp;

	int i;

	sctp_paramhdr_t *p;

	int err;

	/* Retrieve the SCTP per socket area.  */

	sp = sctp_sk((struct sock *)sk);

	asoc->default_timetolive = sp->default_timetolive;

	asoc->default_rcv_context = sp->default_rcv_context;

	/* AUTH related initializations */

	INIT_LIST_HEAD(&asoc->endpoint_shared_keys);

	err = sctp_auth_asoc_copy_shkeys(ep, asoc, gfp);

	if (err)

		goto fail_init;

	asoc->active_key_id = ep->active_key_id;

	asoc->asoc_shared_key = NULL;

	asoc->default_hmac_id = 0;

	/* Save the hmacs and chunks list into this association */

	if (ep->auth_hmacs_list)

		memcpy(asoc->c.auth_hmacs, ep->auth_hmacs_list,

			ntohs(ep->auth_hmacs_list->param_hdr.length));

	if (ep->auth_chunk_list)

		memcpy(asoc->c.auth_chunks, ep->auth_chunk_list,

			ntohs(ep->auth_chunk_list->param_hdr.length));

	/* Get the AUTH random number for this association */

	p = (sctp_paramhdr_t *)asoc->c.auth_random;

	p->type = SCTP_PARAM_RANDOM;

	p->length = htons(sizeof(sctp_paramhdr_t) + SCTP_AUTH_RANDOM_LENGTH);

	get_random_bytes(p+1, SCTP_AUTH_RANDOM_LENGTH);

	return asoc;

fail_init:

	if (asoc->addip_last_asconf)

		sctp_chunk_free(asoc->addip_last_asconf);

	/* AUTH - Free the endpoint shared keys */

	sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);

	/* AUTH - Free the association shared key */

	sctp_auth_key_put(asoc->asoc_shared_key);

	sctp_association_put(asoc);

}

			sctp_assoc_set_id(asoc, GFP_ATOMIC);

		}

	}

	/* SCTP-AUTH: XXX something needs to be done here*/

}

/* Update the retran path for sending a retransmitted packet.

						struct sock *sk,

						gfp_t gfp)

{

	struct sctp_hmac_algo_param *auth_hmacs = NULL;

	struct sctp_chunks_param *auth_chunks = NULL;

	struct sctp_shared_key *null_key;

	int err;

	memset(ep, 0, sizeof(struct sctp_endpoint));

	ep->digest = kzalloc(SCTP_SIGNATURE_SIZE, gfp);

	if (!ep->digest)

		return NULL;

	if (sctp_auth_enable) {

		/* Allocate space for HMACS and CHUNKS authentication

		 * variables.  There are arrays that we encode directly

		 * into parameters to make the rest of the operations easier.

		 */

		auth_hmacs = kzalloc(sizeof(sctp_hmac_algo_param_t) +

				sizeof(__u16) * SCTP_AUTH_NUM_HMACS, gfp);

		if (!auth_hmacs)

			goto nomem;

		auth_chunks = kzalloc(sizeof(sctp_chunks_param_t) +

					SCTP_NUM_CHUNK_TYPES, gfp);

		if (!auth_chunks)

			goto nomem;

		/* Initialize the HMACS parameter.

		 * SCTP-AUTH: Section 3.3

		 *    Every endpoint supporting SCTP chunk authentication MUST

		 *    support the HMAC based on the SHA-1 algorithm.

		 */

		auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO;

		auth_hmacs->param_hdr.length =

					htons(sizeof(sctp_paramhdr_t) + 2);

		auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1);

		/* Initialize the CHUNKS parameter */

		auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS;

		/* If the Add-IP functionality is enabled, we must

		 * authenticate, ASCONF and ASCONF-ACK chunks

		 */

		if (sctp_addip_enable) {

			auth_chunks->chunks[0] = SCTP_CID_ASCONF;

			auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;

			auth_chunks->param_hdr.length =

					htons(sizeof(sctp_paramhdr_t) + 2);

		}

	}

	/* Initialize the base structure. */

	/* What type of endpoint are we?  */

	ep->base.type = SCTP_EP_TYPE_SOCKET;

	ep->last_key = ep->current_key = 0;

	ep->key_changed_at = jiffies;

	/* SCTP-AUTH extensions*/

	INIT_LIST_HEAD(&ep->endpoint_shared_keys);

	null_key = sctp_auth_shkey_create(0, GFP_KERNEL);

	if (!null_key)

		goto nomem;

	list_add(&null_key->key_list, &ep->endpoint_shared_keys);

	/* Allocate and initialize transorms arrays for suported HMACs. */

	err = sctp_auth_init_hmacs(ep, gfp);

	if (err)

		goto nomem_hmacs;

	/* Add the null key to the endpoint shared keys list and

	 * set the hmcas and chunks pointers.

	 */

	ep->auth_hmacs_list = auth_hmacs;

	ep->auth_chunk_list = auth_chunks;

	return ep;

nomem_hmacs:

	sctp_auth_destroy_keys(&ep->endpoint_shared_keys);

nomem:

	/* Free all allocations */

	kfree(auth_hmacs);

	kfree(auth_chunks);

	kfree(ep->digest);

	return NULL;

}

/* Create a sctp_endpoint with all that boring stuff initialized.

	/* Free the digest buffer */

	kfree(ep->digest);

	/* SCTP-AUTH: Free up AUTH releated data such as shared keys

	 * chunks and hmacs arrays that were allocated

	 */

	sctp_auth_destroy_keys(&ep->endpoint_shared_keys);

	kfree(ep->auth_hmacs_list);

	kfree(ep->auth_chunk_list);

	/* AUTH - Free any allocated HMAC transform containers */

	sctp_auth_destroy_hmacs(ep->auth_hmacs);

	/* Cleanup. */

	sctp_inq_free(&ep->base.inqueue);

	sctp_bind_addr_free(&ep->base.bind_addr);

	packet->vtag = vtag;

	packet->has_cookie_echo = 0;

	packet->has_sack = 0;

	packet->has_auth = 0;

	packet->ipfragok = 0;

	packet->auth = NULL;

	if (ecn_capable && sctp_packet_empty(packet)) {

		chunk = sctp_get_ecne_prepend(packet->transport->asoc);

	packet->vtag = 0;

	packet->has_cookie_echo = 0;

	packet->has_sack = 0;

	packet->has_auth = 0;

	packet->ipfragok = 0;

	packet->malloced = 0;

	packet->auth = NULL;

	return packet;

}

	/* Enable PR-SCTP by default. */

	sctp_prsctp_enable = 1;

	/* Disable AUTH by default. */

	sctp_auth_enable = 0;

	sctp_sysctl_register();

	INIT_LIST_HEAD(&sctp_address_families);

		.mode		= 0644,

		.proc_handler	= &proc_dointvec,

	},

	{

		.ctl_name	= CTL_UNNUMBERED,

		.procname	= "auth_enable",

		.data		= &sctp_auth_enable,

		.maxlen		= sizeof(int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec,

		.strategy	= &sysctl_intvec

	},

	{ .ctl_name = 0 }

};